How to Log VPN Access - Cisco VPN

I have a handful of techs that have VPN access to my data center via Cisco VPN client software. I would like to be able to log their VPN access (e.g. Cisco userid, date/time, external IP, etc.), ideally to syslog.

Well, not sure if it would help or if it pertains to your situation, but you could set up a TACACS server; this would provide logging. Hopefully this is what you're looking for. Some of the places I've worked at before used TACACS for logging and authentication.

Thanks, moxquito. I was hoping to avoid installing RADIUS or TACACS. It's only a handful of techs. I would be curious to know if anyone has any experience with the free version of TACACS that Cisco provides but doesn't support. Other recommendations? Servers are openSUSE 10.3 64-bit.

I already have syslog set up and working fine. However, regardless of which logging level I set, I don't get the userid for the login/session connection. I can get many messages, e.g. login attempts, crypto handshakes, tunnel creations, logoff, but none of the messages contain the userid used for authentication/authorization.

Besides knowing which user is logged in, AAA can show you which commands they entered. You also have more fine-grained privileges: the enable password can be different for each user, and you can limit which commands they're allowed even when in enable mode.

Oliver's Law:
Experience is something you don't get until just after you need it.

Gave up trying to get tac_plus installed and configured on 64-bit openSUSE. Ran into a whole variety of compile issues. Installed FreeRADIUS. Probably overkill, but the install/config was a breeze. Thanks again for your suggestions.
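
Added example, not part of the original thread or any poster's code: once a RADIUS server is in place, the userid, date/time and external IP asked for at the top of the thread can be read from its accounting records and forwarded to syslog. This Python sketch assumes the VPN device is configured to send RADIUS accounting, that FreeRADIUS writes it in its "detail" file layout, and that the client's external IP arrives in `Calling-Station-Id`; the sample records and the helper names are constructed for illustration.

```python
import re
# Constructed sample in the FreeRADIUS "detail" accounting layout: a timestamp
# header, tab-indented "Attribute = value" pairs, a blank line between records.
SAMPLE_DETAIL = """Tue Mar  4 10:15:02 2008
\tUser-Name = "tech1"
\tAcct-Status-Type = Start
\tAcct-Session-Id = "0000A1"
\tCalling-Station-Id = "203.0.113.5"

Tue Mar  4 11:02:40 2008
\tUser-Name = "tech1"
\tAcct-Status-Type = Stop
\tAcct-Session-Id = "0000A1"
\tCalling-Station-Id = "203.0.113.5"
\tAcct-Session-Time = 2858

Tue Mar  4 11:05:00 2008
\tAcct-Status-Type = Accounting-On
"""

ATTR_RE = re.compile(r'^\s+([\w-]+)\s*=\s*"?(.*?)"?\s*$')

def parse_detail(text):
    # One dict per accounting record, keyed by attribute name plus "when".
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        rec = {"when": lines[0].strip()}
        rec.update(m.groups() for m in map(ATTR_RE.match, lines[1:]) if m)
        records.append(rec)
    return records

def vpn_events(records):
    # Only session Start/Stop records describe a user login or logoff.
    events = []
    for r in records:
        status = r.get("Acct-Status-Type", "")
        if status in ("Start", "Stop"):
            # Assumption: Calling-Station-Id carries the client's external IP.
            events.append('vpn-%s user=%s src=%s session=%s secs=%s when="%s"' % (
                status.lower(), r.get("User-Name", "unknown"),
                r.get("Calling-Station-Id", "unknown"), r.get("Acct-Session-Id", "-"),
                r.get("Acct-Session-Time", "-"), r["when"]))
    return events

def log_events(events):
    import syslog  # Unix-only standard library module
    for line in events:
        syslog.syslog(syslog.LOG_AUTH | syslog.LOG_INFO, line)
```

Calling `log_events(vpn_events(parse_detail(text)))` on the contents of the accounting file writes one auth-facility syslog line per login and logoff.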